Initial commit

2025-11-30 08:44:54 +08:00
commit eb309b7b59
133 changed files with 21979 additions and 0 deletions
--- a/skills/seekdb-docs/official-docs/200.develop/300.ai-function/100.ai-function-permission.md
+++ b/skills/seekdb-docs/official-docs/200.develop/300.ai-function/100.ai-function-permission.md
@@ -0,0 +1,165 @@
+---
+
+slug: /ai-function-permission
+---
+
+# AI function privileges
+
+This topic describes the AI function privileges, including  `AI MODEL` and `ACCESS AI MODEL`, which are used for managing AI models and calling AI functions, respectively.
+
+## AI MODEL
+
+AI MODEL privileges are used for managing AI models. These include three specific privileges: `CREATE AI MODEL`, `ALTER AI MODEL`, and `DROP AI MODEL`.
+
+### Syntax
+
+The syntax for granting privileges is as follows:
+
+```sql
+-- Grant the privilege to create an AI model.
+GRANT CREATE AI MODEL ON *.* TO 'username'@'host';
+
+-- Grant the privilege to change an AI model.
+GRANT ALTER AI MODEL ON *.* TO 'username'@'host';
+
+-- Grant the privilege to drop an AI model.
+GRANT DROP AI MODEL ON *.* TO 'username'@'host';
+
+GRANT CREATE AI MODEL, ALTER AI MODEL, DROP AI MODEL ON *.* TO 'username'@'host';
+```
+
+The syntax for revoking privileges is as follows:
+
+```sql
+-- Revoke the privilege to create an AI model.
+REVOKE CREATE AI MODEL ON *.* FROM 'username'@'host';
+
+-- Revoke the privilege to change an AI model.
+REVOKE ALTER AI MODEL ON *.* FROM 'username'@'host';
+
+-- Revoke the privilege to drop an AI model.
+REVOKE DROP AI MODEL ON *.* FROM 'username'@'host';
+
+-- Check the privileges.
+SHOW GRANTS FOR 'username'@'host';
+```
+
+### Examples
+
+1. Create a user.
+
+    ```sql
+    CREATE USER test_ai_user@'%' IDENTIFIED BY '123456';
+    ```
+
+2. Log in as the `test_ai_user` user.
+
+    ```sql
+    obclient -h 127.0.0.1 -P 2881 -u test_ai_user@'%' -p *** -A -D test;
+    ```
+
+3. Call the `CREATE_AI_MODEL_ENDPOINT` procedure.
+
+    ```sql
+    CALL DBMS_AI_SERVICE.CREATE_AI_MODEL_ENDPOINT (
+        ->   'user_ai_model_endpoint_1', '{
+        '>     "ai_model_name": "my_model1",
+        '>     "url": "https://https://api.deepseek.com",
+        '>     "access_key": "sk-xxxxxxxxxxxx",
+        '>     "request_model_name": "deepseek-chat",
+        '>     "provider": "deepseek"
+        '>   }');
+    ```
+
+    Since the user does not have the `CREATE AI MODEL` privilege, an error is returned:
+
+    ```shell
+    ERROR 42501: Access denied; you need (at least one of) the create ai model endpoint privilege(s) for this operation
+    ```
+
+4. Grant the `CREATE AI MODEL` privilege to the `test_ai_user` user.
+
+    ```sql
+    GRANT CREATE AI MODEL ON *.* TO test_ai_user@'%';
+    ```
+
+5. Verify the privilege.
+
+    ```sql
+    CALL DBMS_AI_SERVICE.CREATE_AI_MODEL_ENDPOINT (
+        ->   'user_ai_model_endpoint_1', '{
+        '>     "ai_model_name": "my_model1",
+        '>     "url": "https://https://api.deepseek.com",
+        '>     "access_key": "sk-xxxxxxxxxxxx",
+        '>     "request_model_name": "deepseek-caht",
+        '>     "provider": "deepseek"
+        '>   }');
+    ```
+
+    This time, the statement executes successfully.
+
+## ACCESS AI MODEL
+
+The `ACCESS AI MODEL` privilege is used for calling AI functions, including `AI_COMPLETE`, `AI_EMBED`, `AI_RERANK`, and `AI_PROMPT`.
+
+### Syntax
+
+The syntax for granting this privilege is as follows:
+
+```sql
+GRANT ACCESS AI MODEL ON *.* TO 'username'@'host';
+```
+
+The syntax for revoking this privilege is as follows:
+
+```sql
+REVOKE ACCESS AI MODEL ON *.* FROM 'username'@'host';
+```
+
+### Examples
+
+1. Call the `AI_COMPLETE` function.
+
+    ```sql
+    SELECT AI_COMPLETE("ob_complete","Your task is to perform sentiment analysis on the provided text and determine whether the sentiment is positive or negative.
+    The text to analyze is as follows:
+    <text>
+    What a beautiful day!
+    </text>
+    Judgment criteria:
+    If the text expresses a positive sentiment, output 1; if it expresses a negative sentiment, output -1. Do not output anything else.\n") AS ans;
+    ```
+
+    Since the user does not have the `ACCESS AI MODEL` privilege, an error is returned:
+
+    ```shell
+    ERROR 42501: Access denied; you need (at least one of) the access ai model endpoint privilege(s) for this operation
+    ```
+
+2. Grant the `ACCESS AI MODEL` privilege to the `test_ai_user` user.
+
+    ```sql
+    GRANT ACCESS AI MODEL ON *.* TO test_ai_user@'%';
+    ```
+
+3. Verify the privilege.
+
+    ```sql
+    SELECT AI_COMPLETE("ob_complete","Your task is to perform sentiment analysis on the provided text and determine whether the sentiment is positive or negative.
+    The text to analyze is as follows:
+    <text>
+    What a beautiful day!
+    </text>
+    Judgment criteria:
+    If the text expresses a positive sentiment, output 1; if it expresses a negative sentiment, output -1. Do not output anything else.\n") AS ans;
+    ```
+
+    This time, the statement executes successfully.
+
+    ```sql
+    +-----+
+    | ans |
+    +-----+
+    | 1   |
+    +-----+
+    ```